Skip to content

Enrich SBOM strategy #478

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
attiasas merged 219 commits into from
Jul 7, 2025
Merged

Enrich SBOM strategy #478

attiasas merged 219 commits into from
Jul 7, 2025

Conversation

@attiasas
Copy link
Contributor

@attiasas attiasas commented Jun 26, 2025
edited
Loading

  • The pull request is targeting the dev branch.
  • The code has been validated to compile successfully by running go vet ./....
  • The code has been formatted properly using go fmt ./....
  • All static analysis checks passed.
  • All tests have passed. If this feature is not already covered by the tests, new tests have been added.
  • Updated the Contributing page / ReadMe page / CI Workflow files if needed.
  • All changes are detailed at the description. if not already covered at JFrog Documentation, new documentation have been added.

Depends On:

Add new implementation to Sbom Scan Strategy using catalog new enrich API on CyclondeDx

Implementation is not currently used

attiasas added 30 commits June 3, 2025 20:43
@attiasas
Move Sca buildinfo logic to technologies package
cfad408
@attiasas
fix breaking changes
00bcad9
@attiasas
Start removing AuditParams from BomGeneration
7c94bc1
@attiasas
Start moving bom logic to buildinfobom file
67214e4
@attiasas
clean after logic move
cd62d2c
@attiasas
Move test to right place
88c6409
@attiasas
Replace AuditParams with BuildInfoBomGeneratorParams
f6335ce
@attiasas
fix breaking changes
942f2f7
@attiasas
add jfrog-ignore
f7365b9
@attiasas
fix static tests
9a0c26a
@attiasas
clean
cf860e9
@attiasas
fix tests
69284a5
@attiasas
fix more path broken tests
9940c37
@attiasas
fix last failing tests
7404da9
@attiasas
Merge remote-tracking branch 'upstream/dev' into move_buildinfo_sca
2f2f8b9
@attiasas
remove old Sbom struct in results
0cd72bb
@attiasas
remove unused JasPackageScanType attributes and vals
129c63e
@attiasas
remove old struct and replace with cyclonedx lib, comment all related…
57bef1c 
… logic
@attiasas
Merge remote-tracking branch 'upstream/dev' into sbom_with_cdx
b1bdb36
@attiasas
add new empty methods, adjust tests to them
3b929ba
@attiasas
Add PackageUrl lib and techutils for cdx conversion
7348b4c
@attiasas
fix purl tests
3b6f617
@attiasas
Add diff calculation with cdx and fix related tests
c0fc6b1
@attiasas
Implement Tree to Cdx for source and binary with tests
150a976
@attiasas
add cdx utils
6177413
@attiasas
rename for-each method for looping results
f2e62fc
@attiasas
rename handlers and add for-each sbom component
4e34736
@attiasas
use for-each sbom component in table format and implement the method
3317abf
@attiasas
implement cdx utils for for-each sbom component
e3125b8
@attiasas
add tests for cdx utils
7412c05
@attiasas attiasas added the safe to test Approve running integration tests on a pull request label Jul 2, 2025
@github-actions github-actions bot removed the safe to test Approve running integration tests on a pull request label Jul 2, 2025
@attiasas attiasas added the safe to test Approve running integration tests on a pull request label Jul 2, 2025
@github-actions github-actions bot removed the safe to test Approve running integration tests on a pull request label Jul 2, 2025
@attiasas attiasas added the safe to test Approve running integration tests on a pull request label Jul 2, 2025
@github-actions github-actions bot removed the safe to test Approve running integration tests on a pull request label Jul 2, 2025
hadarshjfrog
hadarshjfrog reviewed Jul 3, 2025
View reviewed changes
Copy link
Contributor

@hadarshjfrog hadarshjfrog left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The split is good - but we need more info. on it. I'm missing description in the PR itself.

Please elaborate in the PR desc (with relevant code snippets), it might resolve the questions I have in the comments.

@github-actions
Copy link

github-actions bot commented Jul 6, 2025

👍 Frogbot scanned this pull request and did not find any new security issues.

@attiasas attiasas mentioned this pull request Jul 7, 2025
Merged
4 tasks
@attiasas attiasas added the safe to test Approve running integration tests on a pull request label Jul 7, 2025
@github-actions github-actions bot removed the safe to test Approve running integration tests on a pull request label Jul 7, 2025
@attiasas attiasas merged commit e243082 into jfrog:dev Jul 7, 2025
53 of 59 checks passed
@attiasas attiasas deleted the enrich_sbom_strategy branch July 7, 2025 11:56
basel1322 pushed a commit to basel1322/jfrog-cli-security that referenced this pull request Jul 10, 2025
@attiasas @basel1322
Enrich SBOM strategy (jfrog#478)
6735361
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

1 more reviewer

@hadarshjfrog hadarshjfrog hadarshjfrog approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

ignore for release Automatically generated release notes

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@attiasas @hadarshjfrog